A company is implementing an application on Amazon EC2 instances. The application needs to process
incoming transactions. When the application detects a transaction that is not valid, the application
must send a chat message to the company's support team. To send the message, the application needs
to retrieve the access token to authenticate by using the chat API.
A developer needs to
implement a solution to store the access token. The access token must be encrypted at rest and in
transit. The access token must also be accessible from other AWS accounts.
Which solution will
meet these requirements with the LEAST management overhead?
Correct Answer:
D
🗳️
A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement
an application that collects all the lifecycle events of the EC2 instances. The application needs to
store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the
company's main AWS account for further processing.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
An application is using Amazon Cognito user pools and identity pools for secure access. A developer
wants to integrate the user-specific file upload and download features in the application with
Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and
that users can access only their own files. The file sizes range from 3 KB to 300 MB.
Which
option will meet these requirements with the HIGHEST level of security?
Correct Answer:
D
🗳️
A company is building a scalable data management solution by using AWS services to improve the speed
and agility of development. The solution will ingest large volumes of data from various sources and
will process this data through multiple business rules and transformations.
The solution requires
business rules to run in sequence and to handle reprocessing of data if errors occur when the
business rules run. The company needs the solution to be scalable and to require the least possible
maintenance.
Which AWS service should the company use to manage and automate the orchestration of
the data flows to meet these requirements?
Correct Answer:
D
🗳️
A developer has created an AWS Lambda function that is written in Python. The Lambda function reads
data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is
successfully invoked from an S3 event notification when an object is created. However, the function
fails when it attempts to write to the DynamoDB table.
What is the MOST likely cause of this
issue?
Correct Answer:
D
🗳️
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across
multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance
types.
How can the developer incorporate the list of approved instance types in the
CloudFormation template?
Correct Answer:
D
🗳️
A developer has an application that makes batch requests directly to Amazon DynamoDB by using the
BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys
element.
Which actions should the developer take to increase the resiliency of the application
when the batch response includes values in UnprocessedKeys? (Choose two.)
Correct Answer:
BD
🗳️
A company is running a custom application on a set of on-premises Linux servers that are accessed
using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage.
How can a
developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?
Correct Answer:
B
🗳️
A company wants to share information with a third party. The third party has an HTTP API endpoint
that the company can use to share the information. The company has the required API key to access
the HTTP API.
The company needs a way to manage the API key by using code. The integration of the
API key with the application code cannot affect application performance.
Which solution will meet
these requirements MOST securely?
Correct Answer:
B
🗳️
A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The
developer needs to securely store and retrieve different types of variables. These variables include
authentication information for a remote API, the URL for the API, and credentials. The
authentication information and API URL must be available to all current and future deployed versions
of the application across development, testing, and production environments.
How should the
developer retrieve the variables with the FEWEST application changes?
Correct Answer:
B
🗳️
A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal
employee directory to use native AWS services. A developer needs to create a solution for storing
employee contact details and high-resolution photos for use with the new application.
Which
solution will enable the search and retrieval of each employee's individual details and
high-resolution photos using AWS APIs?
Correct Answer:
B
🗳️
A developer is creating an application that will give users the ability to store photos from their
cellphones in the cloud. The application needs to support tens of thousands of users. The
application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to
process the photos. The application stores details about the photos in Amazon DynamoDB.
Users
need to create an account to access the application. In the application, users must be able to
upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to
5 MB.
Which solution will meet these requirements with the LEAST operational overhead?
Correct Answer:
B
🗳️
A company receives food orders from multiple partners. The company has a microservices application
that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling
a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function
to process the orders.
Partners need to be notified after the Lambda function processes the
orders. Each partner must receive updates for only the partner's own orders. The company wants to
add new partners in the future with the fewest code changes possible.
Which solution will meet
these requirements in the MOST scalable way?
Correct Answer:
C
🗳️
A financial company must store original customer records for 10 years for legal reasons. A complete
record contains personally identifiable information (PII). According to local regulations, PII is
available to only certain people in the company and must not be shared with third parties. The
company needs to make the records available to third-party organizations for statistical analysis
without sharing the PII.
A developer wants to store the original immutable record in Amazon S3.
Depending on who accesses the S3 document, the document should be returned as is or with all the PII
removed. The developer has written an AWS Lambda function to remove the PII from the document. The
function is named removePii.
What should the developer do so that the company can meet the PII
requirements while maintaining only one copy of the document?
Correct Answer:
C
🗳️
A developer is deploying an AWS Lambda function The developer wants the ability to return to older
versions of the function quickly and seamlessly.
How can the developer achieve this goal with the
LEAST operational overhead?
Correct Answer:
B
🗳️
A developer has written an AWS Lambda function. The function is CPU-bound. The developer wants to
ensure that the function returns responses quickly.
How can the developer improve the function's
performance?
Correct Answer:
B
🗳️
For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?
Correct Answer:
A
🗳️
A company is building a serverless application on AWS. The application uses an AWS Lambda function
to process customer orders 24 hours a day, 7 days a week. The Lambda function calls an external
vendor's HTTP API to process payments.
During load tests, a developer discovers that the external
vendor payment processing API occasionally times out and returns errors. The company expects that
some payment processing API calls will return errors.
The company wants the support team to
receive notifications in near real time only when the payment processing external API error rate
exceed 5% of the total number of transactions in an hour. Developers need to use an existing Amazon
Simple Notification Service (Amazon SNS) topic that is configured to notify the support
team.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A company is offering APIs as a service over the internet to provide unauthenticated read access to
statistical information that is updated daily. The company uses Amazon API Gateway and AWS Lambda to
develop the APIs. The service has become popular, and the company wants to enhance the
responsiveness of the APIs.
Which action can help the company achieve this goal?
Correct Answer:
A
🗳️
A developer wants to store information about movies. Each movie has a title, release year, and
genre. The movie information also can include additional properties about the cast and production
crew. This additional information is inconsistent across movies. For example, one movie might have
an assistant director, and another movie might have an animal trainer.
The developer needs to
implement a solution to support the following use cases:
For a given title and release year, get
all details about the movie that has that title and release year.
For a given title, get all
details about all movies that have that title.
For a given genre, get all details about all
movies in that genre.
Which data store configuration will meet these requirements?
Correct Answer:
A
🗳️
A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI
and Amazon Cognito authentication.
The developer has a new version of the API that contains new
endpoints and backward-incompatible interface changes. The developer needs to provide beta access to
other developers on the team without affecting customers.
Which solution will meet these
requirements with the LEAST operational overhead?
Correct Answer:
A
🗳️
A developer is creating an application that will store personal health information (PHI). The PHI
needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the
data. The developer wants to increase the performance of the application by caching frequently
accessed data while adding the ability to sort or rank the cached datasets.
Which solution will
meet these requirements?
Correct Answer:
A
🗳️
A company has a multi-node Windows legacy application that runs on premises. The application uses a
network shared folder as a centralized configuration repository to store configuration files in .xml
format. The company is migrating the application to Amazon EC2 instances. As part of the migration
to AWS, a developer must identify a solution that provides high availability for the
repository.
Which solution will meet this requirement MOST cost-effectively?
Correct Answer:
C
🗳️
A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted
in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub.
The
company wants to implement phased releases by using development, staging, user acceptance testing,
and production environments in the AWS Cloud. Deployments to each environment must be started by
code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The
company needs a solution that does not require servers to run continuously.
Which solution will
meet these requirements with the LEAST operational overhead?
Correct Answer:
A
🗳️
A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy
workloads. The company wants to refactor the code to achieve optimum read performance for
queries.
Which solution will meet this requirement with LEAST current and future effort?
Correct Answer:
B
🗳️
A developer is creating an application that will be deployed on IoT devices. The application will
send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign
each API request a unique identifier. The volume of API requests from the application can randomly
increase at any given time of day.
During periods of request throttling, the application might
need to retry requests. The API must be able to handle duplicate requests without inconsistencies or
data loss.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A developer wants to expand an application to run in multiple AWS Regions. The developer wants to
copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the
destination Region. According to company requirements, all AMIs must be encrypted in all Regions.
However, not all the AMIs that the company uses are encrypted.
How can the developer expand the
application to run in the destination Region while meeting the encryption requirement?
Correct Answer:
B
🗳️
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web
application can be accessed through Amazon CloudFront from https://www.example.com. After a
successful rollout, the company wants to host three more client-side web applications for its
remaining subsidiaries on three separate S3 buckets.
To achieve this goal, a developer moves all
the common JavaScript files and web fonts to a central S3 bucket that serves the web applications.
However, during testing, the developer notices that the browser blocks the JavaScript files and web
fonts.
What should the developer do to prevent the browser from blocking the JavaScript files and
web fonts?
Correct Answer:
C
🗳️
An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into
Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show
that the failed call returns the response shown below:
Which
techniques will help mitigate this exception? (Choose two.)
Correct Answer:
AC
🗳️
A company has an application that uses Amazon Cognito user pools as an identity provider. The
company must secure access to user records. The company has set up multi-factor authentication
(MFA). The company also wants to send a login activity notification by email every time a user logs
in.
What is the MOST operationally efficient solution that meets this requirement?
Correct Answer:
B
🗳️
A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP
API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket
the developer must encrypt these objects at rest by using server-side encryption with Amazon S3
managed keys (SSE-S3).
Which solution will meet this requirement?
Correct Answer:
B
🗳️
A developer needs to perform geographic load testing of an API. The developer must deploy resources
to multiple AWS Regions to support the load testing of the API.
How can the developer meet these
requirements without additional application code?
Correct Answer:
B
🗳️
A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2
Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The
developer has acquired an SSL/TLS certificate for the domain from a third-party provider.
How
should the developer configure the custom domain for the application?
Correct Answer:
B
🗳️
A developer is creating a template that uses AWS CloudFormation to deploy an application. The
application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.
Which AWS
service or tool should the developer use to define serverless resources in YAML?
Correct Answer:
C
🗳️
A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to
an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?
Correct Answer:
B
🗳️
A development team maintains a web application by using a single AWS CloudFormation template. The
template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template
to deploy the Cloud Formation stack to different environments.
During a recent application
deployment, a developer caused the primary development database to be dropped and recreated. The
result of this incident was a loss of data. The team needs to avoid accidental database deletion in
the future.
Which solutions will meet these requirements? (Choose two.)
Correct Answer:
AD
🗳️
A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in
transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management
Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use
the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce
that all requests to retrieve the data provide encryption in transit?
Correct Answer:
A
🗳️
An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an
Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a
table to the user. During testing, a developer discovers that the application does not show any
objects in the list.
What is the MOST secure way to resolve this issue?
Correct Answer:
B
🗳️
A company is planning to securely manage one-time fixed license keys in AWS. The company's
development team needs to access the license keys in automaton scripts that run in Amazon EC2
instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST
cost-effectively?
Correct Answer:
C
🗳️
A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambda
function that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a
private subnet in company's VPC. The VPC is named VPC1. The data is relational in nature. The Lambda
function needs to access the data securely.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda
function to process requests from clients. During testing, the developer notices that the API
Gateway times out even though the Lambda function finishes under the set time limit.
Which of the
following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue?
(Choose two.)
Correct Answer:
BD
🗳️
A development team wants to build a continuous integration/continuous delivery (CI/CD) pipeline. The
team is using AWS CodePipeline to automate the code build and deployment. The team wants to store
the program code to prepare for the CI/CD pipeline.
Which AWS service should the team use to
store the program code?
Correct Answer:
C
🗳️
A developer is designing an AWS Lambda function that creates temporary files that are less than 10
MB during invocation. The temporary files will be accessed and modified multiple times during
invocation. The developer has no need to save or retrieve these files in the future.
Where should
the temporary files be stored?
Correct Answer:
A
🗳️
A developer is designing a serverless application with two AWS Lambda functions to process photos.
One Lambda function stores objects in an Amazon S3 bucket and stores the associated metadata in an
Amazon DynamoDB table. The other Lambda function fetches the objects from the S3 bucket by using the
metadata from the DynamoDB table. Both Lambda functions use the same Python library to perform
complex computations and are approaching the quota for the maximum size of zipped deployment
packages.
What should the developer do to reduce the size of the Lambda deployment packages with
the LEAST operational overhead?
Correct Answer:
B
🗳️
A developer is writing an AWS Lambda function. The developer wants to log key events that occur
while the Lambda function runs. The developer wants to include a unique identifier to associate the
events with a specific function invocation. The developer adds the following code to the Lambda
function:
Which
solution will meet this requirement?
Correct Answer:
D
🗳️
A developer is working on a serverless application that needs to process any changes to an Amazon
DynamoDB table with an AWS Lambda function.
How should the developer configure the Lambda
function to detect changes to the DynamoDB table?
Correct Answer:
C
🗳️
An application uses an Amazon EC2 Auto Scaling group. A developer notices that EC2 instances are
taking a long time to become available during scale-out events. The UserData script is taking a long
time to run.
The developer must implement a solution to decrease the time that elapses before an
EC2 instance becomes available. The solution must make the most recent version of the application
available at all times and must apply all available security updates. The solution also must
minimize the number of images that are created. The images must be validated.
Which combination
of steps should the developer take to meet these requirements? (Choose two.)
Correct Answer:
AB
🗳️
A developer is creating an AWS Lambda function that needs credentials to connect to an Amazon RDS
for MySQL database. An Amazon S3 bucket currently stores the credentials. The developer needs to
improve the existing solution by implementing credential rotation and secure storage. The developer
also needs to provide integration with the Lambda function.
Which solution should the developer
use to store and retrieve the credentials with the LEAST management overhead?
Correct Answer:
C
🗳️
A developer has written the following IAM policy to provide access to an Amazon S3 bucket:
Which
access does the policy allow regarding the s3:GetObject and s3:PutObject actions?
Correct Answer:
D
🗳️
A developer is creating a mobile app that calls a backend service by using an Amazon API Gateway
REST API. For integration testing during the development phase, the developer wants to simulate
different backend responses without invoking the backend service.
Which solution will meet these
requirements with the LEAST operational overhead?
Correct Answer:
B
🗳️
A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS
depend on the on-premises application for proper functioning. In case of any application errors, the
developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications
from one place.
How can the developer accomplish this?
Correct Answer:
B
🗳️
An Amazon Kinesis Data Firehose delivery stream is receiving customer data that contains personally
identifiable information. A developer needs to remove pattern-based customer identifiers from the
data and store the modified data in an Amazon S3 bucket.
What should the developer do to meet
these requirements?
Correct Answer:
A
🗳️
A developer is using an AWS Lambda function to generate avatars for profile pictures that are
uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for profile pictures
that are saved under the /original/ S3 prefix. The developer notices that some pictures cause the
Lambda function to time out. The developer wants to implement a fallback mechanism by using another
Lambda function that resizes the profile picture.
Which solution will meet these requirements
with the LEAST development effort?
Correct Answer:
C
🗳️
A developer needs to migrate an online retail application to AWS to handle an anticipated increase
in traffic. The application currently runs on two servers: one server for the web application and
another server for the database. The web server renders webpages and manages session state in
memory. The database server hosts a MySQL database that contains order details. When traffic to the
application is heavy, the memory usage for the web server approaches 100% and the application slows
down considerably.
The developer has found that most of the memory increase and performance
decrease is related to the load of managing additional user sessions. For the web server migration,
the developer will use Amazon EC2 instances with an Auto Scaling group behind an Application Load
Balancer.
Which additional set of changes should the developer make to the application to improve
the application's performance?
Correct Answer:
A
🗳️
An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the
metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the
developer wants to examine the logs of the Lambda function code for errors.
Based on this system
configuration, where would the developer find the logs?
Correct Answer:
C
🗳️
A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The
company recently observed slow processing of the records. A developer notices that the iterator age
metric for the function is increasing and that the Lambda run duration is constantly above
normal.
Which actions should the developer take to increase the processing speed? (Choose two.)
Correct Answer:
AC
🗳️
A company needs to harden its container images before the images are in a running state. The
company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry.
Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that
orchestrates a continuous integration and continuous delivery (CI/CD) workflow.
Dynamic
application security testing occurs in the final stage of the pipeline after a new image is deployed
to a development namespace in the EKS cluster. A developer needs to place an analysis stage before
this deployment to analyze the container image earlier in the CI/CD pipeline.
Which solution will
meet these requirements with the MOST operational efficiency?
Correct Answer:
D
🗳️
A developer is testing a new file storage application that uses an Amazon CloudFront distribution to
serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin
access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.
The
application prompts users to authenticate on a login page and then uses signed cookies to allow
users to access their personal storage directories. The developer has configured the distribution to
use its default cache behavior with restricted viewer access and has set the origin to point to the
S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a
403 Forbidden error.
The developer needs to implement a solution to allow unauthenticated access
to the login page. The solution also must keep all private content secure.
Which solution will
meet these requirements?
Correct Answer:
A
🗳️
A developer is using AWS Amplify Hosting to build and deploy an application. The developer is
receiving an increased number of bug reports from users. The developer wants to add end-to-end
testing to the application to eliminate as many bugs as possible before the bugs reach
production.
Which solution should the developer implement to meet these requirements?
Correct Answer:
C
🗳️
An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application
tier. To process orders during checkout, the application calls a POST API from the frontend. The
POST API invokes the Lambda function asynchronously. In rare situations, the application has not
processed orders. The Lambda application logs show no errors or failures.
What should a developer
do to solve this problem?
Correct Answer:
B
🗳️
A company is building a web application on AWS. When a customer sends a request, the application
will generate reports and then make the reports available to the customer within one hour. Reports
should be accessible to the customer for 8 hours. Some reports are larger than 1 MB. Each report is
unique to the customer. The application should delete all reports that are older than 2
days.
Which solution will meet these requirements with the LEAST operational overhead?
Correct Answer:
B
🗳️
A company has deployed an application on AWS Elastic Beanstalk. The company has configured the Auto
Scaling group that is associated with the Elastic Beanstalk environment to have five Amazon EC2
instances. If the capacity is fewer than four EC2 instances during the deployment, application
performance degrades. The company is using the all-at-once deployment policy.
What is the MOST
cost-effective way to solve the deployment issue?
Correct Answer:
C
🗳️
A developer is incorporating AWS X-Ray into an application that handles personal identifiable
information (PII). The application is hosted on Amazon EC2 instances. The application trace messages
include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes
outside of the EC2 instances.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A developer is migrating some features from a legacy monolithic application to use AWS Lambda
functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in
private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB
cluster are deployed in the same AWS Region in the same AWS account.
The developer needs to
ensure that the Lambda functions can securely access the DB cluster without crossing the public
internet.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
A developer is building a new application on AWS. The application uses an AWS Lambda function that
retrieves information from an Amazon DynamoDB table. The developer hard coded the DynamoDB table
name into the Lambda function code. The table name might change over time. The developer does not
want to modify the Lambda code if the table name changes.
Which solution will meet these
requirements MOST efficiently?
Correct Answer:
C -
🗳️
A company has a critical application on AWS. The application exposes an HTTP API by using Amazon API
Gateway. The API is integrated with an AWS Lambda function. The application stores data in an Amazon
RDS for MySQL DB instance with 2 virtual CPUs (vCPUs) and 64 GB of RAM.
Customers have
reported that some of the API calls return HTTP 500 Internal Server Error responses. Amazon
CloudWatch Logs shows errors for “too many connections.” The errors occur during peak usage times
that are unpredictable.
The company needs to make the application resilient. The database
cannot be down outside of scheduled maintenance hours.
Which solution will meet these
requirements?
Correct Answer:
B
🗳️
A company has installed smart meters in all its customer locations. The smart meters measure power
usage at 1-minute intervals and send the usage readings to a remote endpoint for collection. The
company needs to create an endpoint that will receive the smart meter readings and store the
readings in a database. The company wants to store the location ID and timestamp
information.
The company wants to give its customers low-latency access to their current
usage and historical usage on demand. The company expects demand to increase significantly. The
solution must not impact performance or include downtime while scaling.
Which solution will
meet these requirements MOST cost-effectively?
Correct Answer:
B
🗳️
A company is building a serverless application that uses AWS Lambda functions. The company needs to
create a set of test events to test Lambda functions in a development environment. The test events
will be created once and then will be used by all the developers in an IAM developer group. The test
events must be editable by any of the IAM users in the IAM developer group.
Which solution
will meet these requirements?
Correct Answer:
B
🗳️
A developer is configuring an application's deployment environment in AWS CodePipeline. The
application code is stored in a GitHub repository. The developer wants to ensure that the repository
package's unit tests run in the new deployment environment. The developer has already set the
pipeline's source provider to GitHub and has specified the repository and branch to use in the
deployment.
Which combination of steps should the developer take next to meet these
requirements with the LEAST overhead? (Choose two.)
Correct Answer:
BD
🗳️
An engineer created an A/B test of a new feature on an Amazon CloudWatch Evidently project. The
engineer configured two variations of the feature (Variation A and Variation B) for the test. The
engineer wants to work exclusively with Variation A. The engineer needs to make updates so that
Variation A is the only variation that appears when the engineer hits the application's
endpoint.
Which solution will meet this requirement?
Correct Answer:
B
🗳️
A developer is working on an existing application that uses Amazon DynamoDB as its data store. The
DynamoDB table has the following attributes: partNumber (partition key), vendor (sort key),
description, productFamily, and productType. When the developer analyzes the usage patterns, the
developer notices that there are application modules that frequently look for a list of products
based on the productFamily and productType attributes.
The developer wants to make changes to
the application to improve performance of the query operations.
Which solution will meet
these requirements?
Correct Answer:
A
🗳️
A developer creates a VPC named VPC-A that has public and private subnets. The developer also
creates an Amazon RDS database inside the private subnet of VPC-A. To perform some queries, the
developer creates an AWS Lambda function in the default VPC. The Lambda function has code to access
the RDS database. When the Lambda function runs, an error message indicates that the function cannot
connect to the RDS database.
How can the developer solve this problem?
Correct Answer:
C
🗳️
A company runs an application on AWS. The company deployed the application on Amazon EC2 instances.
The application stores data on Amazon Aurora.
The application recently logged multiple
application-specific custom DECRYP_ERROR errors to Amazon CloudWatch logs. The company did not
detect the issue until the automated tests that run every 30 minutes failed. A developer must
implement a solution that will monitor for the custom errors and alert a development team in real
time when these errors occur in the production environment.
Which solution will meet these
requirements with the LEAST operational overhead?
Correct Answer:
C
🗳️
A developer created an AWS Lambda function that accesses resources in a VPC. The Lambda function
polls an Amazon Simple Queue Service (Amazon SQS) queue for new messages through a VPC endpoint.
Then the function calculates a rolling average of the numeric values that are contained in the
messages. After initial tests of the Lambda function, the developer found that the value of the
rolling average that the function returned was not accurate.
How can the developer ensure
that the function calculates an accurate rolling average?
Correct Answer:
C
🗳️
A developer is writing unit tests for a new application that will be deployed on AWS. The developer
wants to validate all pull requests with unit tests and merge the code with the main branch only
when all tests pass.
The developer stores the code in AWS CodeCommit and sets up AWS
CodeBuild to run the unit tests. The developer creates an AWS Lambda function to start the CodeBuild
task. The developer needs to identify the CodeCommit events in an Amazon EventBridge event that can
invoke the Lambda function when a pull request is created or updated.
Which CodeCommit event
will meet these requirements?



Correct Answer:
C
🗳️
A developer deployed an application to an Amazon EC2 instance. The application needs to know the
public IPv4 address of the instance.
How can the application find this information?
Correct Answer:
A
🗳️
An application under development is required to store hundreds of video files. The data must be
encrypted within the application prior to storage, with a unique key for each video file.
How
should the developer code the application?
Correct Answer:
C
🗳️
A company is planning to deploy an application on AWS behind an Elastic Load Balancer. The
application uses an HTTP/HTTPS listener and must access the client IP addresses.
Which
load-balancing solution meets these requirements?
Correct Answer:
A
🗳️
A developer wants to debug an application by searching and filtering log data. The application logs
are stored in Amazon CloudWatch Logs. The developer creates a new metric filter to count exceptions
in the application logs. However, no results are returned from the logs.
What is the reason
that no filtered results are being returned?
Correct Answer:
B
🗳️
A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container
Service (Amazon ECS). During the deployment of a new version of the application, the company
initially must expose only 10% of live traffic to the new version of the deployed application. Then,
after 15 minutes elapse, the company must route all the remaining live traffic to the new version of
the deployed application.
Which CodeDeploy predefined configuration will meet these
requirements?
Correct Answer:
A
🗳️
A company hosts a batch processing application on AWS Elastic Beanstalk with instances that run the
most recent version of Amazon Linux. The application sorts and processes large datasets.
In
recent weeks, the application's performance has decreased significantly during a peak period for
traffic. A developer suspects that the application issues are related to the memory usage. The
developer checks the Elastic Beanstalk console and notices that memory usage is not being
tracked.
How should the developer gather more information about the application performance
issues?
Correct Answer:
B
🗳️
A developer is building a highly secure healthcare application using serverless components. This
application requires writing temporary data to /tmp storage on an AWS Lambda function.
How
should the developer encrypt this data?
Correct Answer:
B
🗳️
A developer has created an AWS Lambda function to provide notification through Amazon Simple
Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50
MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the
event notification is added to the S3 bucket and a 3,000 MB file is uploaded, the Lambda function
does not launch.
Which of the following is a possible reason for the Lambda function's
inability to launch?
Correct Answer:
B
🗳️
A developer is creating a Ruby application and needs to automate the deployment, scaling, and
management of an environment without requiring knowledge of the underlying
infrastructure.
Which service would best accomplish this task?
Correct Answer:
D
🗳️
A company has a web application that is deployed on AWS. The application uses an Amazon API Gateway
API and an AWS Lambda function as its backend.
The application recently demonstrated
unexpected behavior. A developer examines the Lambda function code, finds an error, and modifies the
code to resolve the problem. Before deploying the change to production, the developer needs to run
tests to validate that the application operates properly.
The application has only a
production environment available. The developer must create a new development environment to test
the code changes. The developer must also prevent other developers from overwriting these changes
during the test cycle.
Which combination of steps will meet these requirements with the LEAST
development effort? (Choose two.)
Correct Answer:
BD
🗳️
A developer is implementing an AWS Cloud Development Kit (AWS CDK) serverless application. The
developer will provision several AWS Lambda functions and Amazon API Gateway APIs during AWS
CloudFormation stack creation. The developer's workstation has the AWS Serverless Application Model
(AWS SAM) and the AWS CDK installed locally.
How can the developer test a specific Lambda
function locally?
Correct Answer:
D
🗳️
A company's new mobile app uses Amazon API Gateway. As the development team completes a new release
of its APIs, a developer must safely and transparently roll out the API change.
What is the
SIMPLEST solution for the developer to use for rolling out the new API version to a limited number
of users through API Gateway?
Correct Answer:
D
🗳️
A company caches session information for a web application in an Amazon DynamoDB table. The company
wants an automated way to delete old items from the table.
What is the simplest way to do
this?
Correct Answer:
B
🗳️
A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an
on-premises source control management (SCM) system to Amazon EventBridge. The company has configured
an EventBridge rule to listen for the events and to control application deployment in a central AWS
account. The company needs to receive the same events across multiple receiver AWS
accounts.
How can a developer meet these requirements without changing the configuration of
the SCM system?
Correct Answer:
C
🗳️
A company moved some of its secure files to a private Amazon S3 bucket that has no public access.
The company wants to develop a serverless application that gives its employees the ability to log in
and securely share the files with other users.
Which AWS feature should the company use to
share and access the files securely?
Correct Answer:
A
🗳️
A company needs to develop a proof of concept for a web service application. The application will
show the weather forecast for one of the company's office locations. The application will provide a
REST endpoint that clients can call. Where possible, the application should use caching features
provided by AWS to limit the number of requests to the backend service. The application backend will
receive a small amount of traffic only during testing.
Which approach should the developer
take to provide the REST endpoint MOST cost-effectively?
Correct Answer:
B
🗳️
An e-commerce web application that shares session state on-premises is being migrated to AWS. The
application must be fault tolerant, natively highly scalable, and any service interruption should
not affect the user experience.
What is the best option to store the session state?
Correct Answer:
A
🗳️
A developer is building an application that uses Amazon DynamoDB. The developer wants to retrieve
multiple specific items from the database with a single API call.
Which DynamoDB API call
will meet these requirements with the MINIMUM impact on the database?
Correct Answer:
D
🗳️
A developer has written an application that runs on Amazon EC2 instances. The developer is adding
functionality for the application to write objects to an Amazon S3 bucket.
Which policy must
the developer modify to allow the instances to write these objects?
Correct Answer:
A
🗳️
A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from
on-premises to Amazon EC2 instances in the developer's account. The developer is able to access an
EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same
VPC.
Which logs can the developer use to verify whether the traffic is reaching subnet B?
Correct Answer:
C
🗳️
A developer is creating a service that uses an Amazon S3 bucket for image uploads. The service will
use an AWS Lambda function to create a thumbnail of each image. Each time an image is uploaded, the
service needs to send an email notification and create the thumbnail. The developer needs to
configure the image processing and email notifications setup.
Which solution will meet these
requirements?
Correct Answer:
A
🗳️
A developer has designed an application to store incoming data as JSON files in Amazon S3 objects.
Custom business logic in an AWS Lambda function then transforms the objects, and the Lambda function
loads the data into an Amazon DynamoDB table. Recently, the workload has experienced sudden and
significant changes in traffic. The flow of data to the DynamoDB table is becoming
throttled.
The developer needs to implement a solution to eliminate the throttling and load
the data into the DynamoDB table more consistently.
Which solution will meet these
requirements?
Correct Answer:
B
🗳️
A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will invoke the
Lambda function when an object is uploaded into an S3 bucket. The Lambda function will process the
object and produce some analytic results that will be recorded into a file. Each processed object
will also generate a log entry that will be recorded into a file.
Other Lambda functions, AWS
services, and on-premises resources must have access to the result files and log file. Each log
entry must also be appended to the same shared log file. The developer needs a solution that can
share files and append results into an existing file.
Which solution should the developer use
to meet these requirements?
Correct Answer:
A
🗳️
A company has an AWS Lambda function that processes incoming requests from an Amazon API Gateway
API. The API calls the Lambda function by using a Lambda alias. A developer updated the Lambda
function code to handle more details related to the incoming requests. The developer wants to deploy
the new Lambda function for more testing by other developers with no impact to customers that use
the API.
Which solution will meet these requirements with the LEAST operational overhead?
Correct Answer:
C
🗳️
A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A
development team set up multiple environments in a single AWS account.
After a recent
production deployment, the development team observed that the development S3 buckets invoked the
production environment Lambda functions. These invocations caused unwanted execution of development
S3 files by using production Lambda functions. The development team must prevent these invocations.
The team must follow security best practices.
Which solution will meet these requirements?
Correct Answer:
C
🗳️
A developer is creating an application. New users of the application must be able to create an
account and register by using their own social media accounts.
Which AWS service or resource
should the developer use to meet these requirements?
Correct Answer:
C
🗳️
A social media application uses the AWS SDK for JavaScript on the frontend to get user credentials
from AWS Security Token Service (AWS STS). The application stores its assets in an Amazon S3 bucket.
The application serves its content by using an Amazon CloudFront distribution with the origin set to
the S3 bucket.
The credentials for the role that the application assumes to make the SDK
calls are stored in plaintext in a JSON file within the application code. The developer needs to
implement a solution that will allow the application to get user credentials without having any
credentials hardcoded in the application code.
Which solution will meet these requirements?
Correct Answer:
A
🗳️
An ecommerce website uses an AWS Lambda function and an Amazon RDS for MySQL database for an order
fulfillment service. The service needs to return order confirmation immediately.
During a
marketing campaign that caused an increase in the number of orders, the website's operations team
noticed errors for “too many connections” from Amazon RDS. However, the RDS DB cluster metrics are
healthy. CPU and memory capacity are still available.
What should a developer do to resolve
the errors?
Correct Answer:
A
🗳️
A company stores its data in data tables in a series of Amazon S3 buckets. The company received an
alert that customer credit card information might have been exposed in a data table on one of the
company's public applications. A developer needs to identify all potential exposures within the
application environment.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
A software company is launching a multimedia application. The application will allow guest users to
access sample content before the users decide if they want to create an account to gain full access.
The company wants to implement an authentication process that can identify users who have already
created an account. The company also needs to keep track of the number of guest users who eventually
create an account.
Which combination of steps will meet these requirements? (Choose two.)
Correct Answer:
BE
🗳️
A company is updating an application to move the backend of the application from Amazon EC2
instances to a serverless model. The application uses an Amazon RDS for MySQL DB instance and runs
in a single VPC on AWS. The application and the DB instance are deployed in a private subnet in the
VPC.
The company needs to connect AWS Lambda functions to the DB instance.
Which
solution will meet these requirements?
Correct Answer:
B
🗳️
A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image
(AMI). The company uses AWS CloudFormation to provision the application. The application runs in the
us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region.
An
attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the
AMI ID does not exist. A developer must resolve this error with a solution that uses the least
amount of operational overhead.
Which solution meets these requirements?
Correct Answer:
B
🗳️
A developer is updating several AWS Lambda functions and notices that all the Lambda functions share
the same custom libraries. The developer wants to centralize all the libraries, update the libraries
in a convenient way, and keep the libraries versioned.
Which solution will meet these
requirements with the LEAST development effort?
Correct Answer:
D
🗳️
A developer wants to use AWS Elastic Beanstalk to test a new version of an application in a test
environment.
Which deployment method offers the FASTEST deployment?
Correct Answer:
D
🗳️
A company is providing read access to objects in an Amazon S3 bucket for different customers. The
company uses IAM permissions to restrict access to the S3 bucket. The customers can access only
their own files.
Due to a regulation requirement, the company needs to enforce encryption in
transit for interactions with Amazon S3.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
A company has an image storage web application that runs on AWS. The company hosts the application
on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group acts as the target group
for an Application Load Balancer (ALB) and uses an Amazon S3 bucket to store the images for
sale.
The company wants to develop a feature to test system requests. The feature will direct
requests to a separate target group that hosts a new beta version of the application.
Which
solution will meet this requirement with the LEAST effort?
Correct Answer:
D
🗳️
A team is developing an application that is deployed on Amazon EC2 instances. During testing, the
team receives an error. The EC2 instances are unable to access an Amazon S3 bucket.
Which
steps should the team take to troubleshoot this issue? (Choose two.)
Correct Answer:
D E
🗳️
A developer is working on an ecommerce website. The developer wants to review server logs without
logging in to each of the application servers individually. The website runs on multiple Amazon EC2
instances, is written in Python, and needs to be highly available.
How can the developer
update the application to meet these requirements with MINIMUM changes?
Correct Answer:
D
🗳️
A company is creating an application that processes .csv files from Amazon S3. A developer has
created an S3 bucket. The developer has also created an AWS Lambda function to process the .csv
files from the S3 bucket.
Which combination of steps will invoke the Lambda function when a
.csv file is uploaded to Amazon S3? (Choose two.)
Correct Answer:
BD
🗳️
A developer needs to build an AWS CloudFormation template that self-populates the AWS Region
variable that deploys the CloudFormation template.
What is the MOST operationally efficient
way to determine the Region in which the template is being deployed?
Correct Answer:
A
🗳️
A company has hundreds of AWS Lambda functions that the company's QA team needs to test by using the
Lambda function URLs. A developer needs to configure the authentication of the Lambda functions to
allow access so that the QA IAM group can invoke the Lambda functions by using the public
URLs.
Which solution will meet these requirements?
Correct Answer:
A
🗳️
A developer maintains a critical business application that uses Amazon DynamoDB as the primary data
store. The DynamoDB table contains millions of documents and receives 30-60 requests each minute.
The developer needs to perform processing in near-real time on the documents when they are added or
updated in the DynamoDB table.
How can the developer implement this feature with the LEAST
amount of change to the existing application code?
Correct Answer:
B
🗳️
A developer is writing an application for a company. The application will be deployed on Amazon EC2
and will use an Amazon RDS for Microsoft SQL Server database. The company's security team requires
that database credentials are rotated at least weekly.
How should the developer configure the
database credentials for this application?
Correct Answer:
C
🗳️
A real-time messaging application uses Amazon API Gateway WebSocket APIs with backend HTTP service.
A developer needs to build a feature in the application to identify a client that keeps connecting
to and disconnecting from the WebSocket connection. The developer also needs the ability to remove
the client.
Which combination of changes should the developer make to the application to meet
these requirements? (Choose two.)
Correct Answer:
CD
🗳️
A developer has written code for an application and wants to share it with other developers on the
team to receive feedback. The shared application code needs to be stored long-term with multiple
versions and batch change tracking.
Which AWS service should the developer use?
Correct Answer:
C
🗳️
A company's developer is building a static website to be deployed in Amazon S3 for a production
environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda
function. The website that is deployed to production will use a Lambda alias that points to a
specific version of the Lambda function.
The company must rotate the database credentials
every 2 weeks. Lambda functions that the company deployed previously must be able to use the most
recent credentials.
Which solution will meet these requirements?
Correct Answer:
A
🗳️
A developer is developing an application that uses signed requests (Signature Version 4) to call
other AWS services. The developer has created a canonical request, has created the string to sign,
and has calculated signing information.
Which methods could the developer use to complete a
signed request? (Choose two.)
Correct Answer:
AD
🗳️
A company must deploy all its Amazon RDS DB instances by using AWS CloudFormation templates as part
of AWS CodePipeline continuous integration and continuous delivery (CI/CD) automation. The primary
password for the DB instance must be automatically generated as part of the deployment
process.
Which solution will meet these requirements with the LEAST development effort?
Correct Answer:
B
🗳️
An organization is storing large files in Amazon S3, and is writing a web application to display
meta-data about the files to end-users. Based on the metadata a user selects an object to download.
The organization needs a mechanism to index the files and provide single-digit millisecond latency
retrieval for the metadata.
What AWS service should be used to accomplish this?
Correct Answer:
A
🗳️
A developer is creating an AWS Serverless Application Model (AWS SAM) template. The AWS SAM template
contains the definition of multiple AWS Lambda functions, an Amazon S3 bucket, and an Amazon
CloudFront distribution. One of the Lambda functions runs on Lambda@Edge in the CloudFront
distribution. The S3 bucket is configured as an origin for the CloudFront distribution.
When
the developer deploys the AWS SAM template in the eu-west-1 Region, the creation of the stack
fails.
Which of the following could be the reason for this issue?
Correct Answer:
C
🗳️
A developer is integrating Amazon ElastiCache in an application. The cache will store data from a
database. The cached data must populate real-time dashboards.
Which caching strategy will
meet these requirements?
Correct Answer:
D
🗳️
A developer is creating an AWS Lambda function. The Lambda function needs an external library to
connect to a third-party solution. The external library is a collection of files with a total size
of 100 MB. The developer needs to make the external library available to the Lambda execution
environment and reduce the Lambda package space.
Which solution will meet these requirements
with the LEAST operational overhead?
Correct Answer:
C
🗳️
A company has a front-end application that runs on four Amazon EC2 instances behind an Elastic Load
Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. A developer
needs to deploy and test new application code while updating the Elastic Beanstalk platform from the
current version to a newer version of Node.js. The solution must result in zero downtime for the
application.
Which solution meets these requirements?
Correct Answer:
D
🗳️
A developer is creating an AWS Lambda function. The Lambda function will consume messages from an
Amazon Simple Queue Service (Amazon SQS) queue. The developer wants to integrate unit testing as
part of the function's continuous integration and continuous delivery (CI/CD) process.
How
can the developer unit test the function?
Correct Answer:
D
🗳️
A developer is working on a web application that uses Amazon DynamoDB as its data store. The
application has two DynamoDB tables: one table that is named artists and one table that is named
songs. The artists table has artistName as the partition key. The songs table has songName as the
partition key and artistName as the sort key.
The table usage patterns include the retrieval
of multiple songs and artists in a single database operation from the webpage. The developer needs a
way to retrieve this information with minimal network traffic and optimal application
performance.
Which solution will meet these requirements?
Correct Answer:
A
🗳️
A company is developing an ecommerce application that uses Amazon API Gateway APIs. The application
uses AWS Lambda as a backend. The company needs to test the code in a dedicated, monitored test
environment before the company releases the code to the production environment.
Which
solution will meet these requirements?
Correct Answer:
C
🗳️
A developer creates an AWS Lambda function that retrieves and groups data from several public API
endpoints. The Lambda function has been updated and configured to connect to the private subnet of a
VPC. An internet gateway is attached to the VPC. The VPC uses the default network ACL and security
group configurations.
The developer finds that the Lambda function can no longer access the
public API. The developer has ensured that the public API is accessible, but the Lambda function
cannot connect to the API
How should the developer fix the connection issue?
Correct Answer:
A
🗳️
A developer needs to store configuration variables for an application. The developer needs to set an
expiration date and time for the configuration. The developer wants to receive notifications before
the configuration expires.
Which solution will meet these requirements with the LEAST
operational overhead?
Correct Answer:
D
🗳️
A company is developing a serverless application that consists of various AWS Lambda functions
behind Amazon API Gateway APIs. A developer needs to automate the deployment of Lambda function
code. The developer will deploy updated Lambda functions with AWS CodeDeploy. The deployment must
minimize the exposure of potential errors to end users. When the application is in production, the
application cannot experience downtime outside the specified maintenance window.
Which
deployment configuration will meet these requirements with the LEAST deployment time?
Correct Answer:
A
🗳️
A company created four AWS Lambda functions that connect to a relational database server that runs
on an Amazon RDS instance. A security team requires the company to automatically change the database
password every 30 days.
Which solution will meet these requirements MOST securely?
Correct Answer:
C
🗳️
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage
that requires access to a database to run integration tests. The developer is using a buildspec.yml
file to configure the database connection. Company policy requires automatic rotation of all
database credentials.
Which solution will handle the database credentials MOST securely?
Correct Answer:
A
🗳️
A company is developing a serverless multi-tier application on AWS. The company will build the
serverless logic tier by using Amazon API Gateway and AWS Lambda.
While the company builds the
logic tier, a developer who works on the frontend of the application must develop integration tests.
The tests must cover both positive and negative scenarios, depending on success and error HTTP
status codes.
Which solution will meet these requirements with the LEAST effort?
Correct Answer:
C
🗳️
Users are reporting errors in an application. The application consists of several microservices that
are deployed on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate.
Which
combination of steps should a developer take to fix the errors? (Choose two.)
Correct Answer:
A
🗳️
A developer is creating an application for a company. The application needs to read the file doc.txt
that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The
company’s security team requires the principle of least privilege to be applied to the application’s
IAM policy.
Which IAM policy statement will meet these security requirements?



Correct Answer:
D
🗳️
A company has an application that uses AWS CodePipeline to automate its continuous integration and
continuous delivery (CI/CD) workflow. The application uses AWS CodeCommit for version control. A
developer who was working on one of the tasks did not pull the most recent changes from the main
branch. A week later, the developer noticed merge conflicts.
How can the developer resolve
the merge conflicts in the developer's branch with the LEAST development effort?
Correct Answer:
D
🗳️
A developer wants to add request validation to a production environment Amazon API Gateway API. The
developer needs to test the changes before the API is deployed to the production environment. For
the test, the developer will send test requests to the API through a testing tool.
Which
solution will meet these requirements with the LEAST operational overhead?
Correct Answer:
B
🗳️
An online food company provides an Amazon API Gateway HTTP API to receive orders for partners. The
API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon
DynamoDB table.
The company expects to onboard additional partners. Some of the partners
require additional Lambda functions to receive orders. The company has created an Amazon S3 bucket.
The company needs to store all orders and updates in the S3 bucket for future analysis.
How
can the developer ensure that all orders and updates are stored to Amazon S3 with the LEAST
development effort?
Correct Answer:
C
🗳️
A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment
during peak times. Website users across the world are experiencing high latency due to static
content on the EC2 instance, even during non-peak hours.
Which combination of steps will
resolve the latency issue? (Choose two.)
Correct Answer:
DE
🗳️
A company has an Amazon S3 bucket containing premier content that it intends to make available to
only paid subscribers of its website. The S3 bucket currently has default permissions of all objects
being private to prevent inadvertent exposure of the premier content to non-paying website
visitors.
How can the company limit the ability to download a premier content file in the S3
bucket to paid subscribers only?
Correct Answer:
B
🗳️
A developer is creating an AWS Lambda function that searches for items from an Amazon DynamoDB table
that contains customer contact information. The DynamoDB table items have the customer’s
email_address as the partition key and additional properties such as customer_type, name and
job_title.
The Lambda function runs whenever a user types a new character into the
customer_type text input. The developer wants the search to return partial matches of all the
email_address property of a particular customer_type. The developer does not want to recreate the
DynamoDB table.
What should the developer do to meet these requirements?
Correct Answer:
D
🗳️
A developer is building an application that uses AWS API Gateway APIs, AWS Lambda functions, and AWS
DynamoDB tables. The developer uses the AWS Serverless Application Model (AWS SAM) to build and run
serverless applications on AWS. Each time the developer pushes changes for only to the Lambda
functions, all the artifacts in the application are rebuilt.
The developer wants to implement
AWS SAM Accelerate by running a command to only redeploy the Lambda functions that have
changed.
Which command will meet these requirements?
Correct Answer:
C
🗳️
A developer is building an application that gives users the ability to view bank accounts from
multiple sources in a single dashboard. The developer has automated the process to retrieve API
credentials for these sources. The process invokes an AWS Lambda function that is associated with an
AWS CloudFormation custom resource.
The developer wants a solution that will store the API
credentials with minimal operational overhead.
Which solution will meet these requirements in
the MOST secure way?
Correct Answer:
D
🗳️
A developer is trying to get data from an Amazon DynamoDB table called demoman-table. The developer
configured the AWS CLI to use a specific IAM user’s credentials and ran the following
command:
aws dynamodb get-item --table-name demoman-table --key '{"id":
{"N":"1993"}}'
The command returned errors and no rows were returned.
What is the MOST
likely cause of these issues?
Correct Answer:
A
🗳️
An organization is using Amazon CloudFront to ensure that its users experience low-latency access to
its web application. The organization has identified a need to encrypt all traffic between users and
CloudFront, and all traffic between CloudFront and the web application.
How can these
requirements be met? (Choose two.)
Correct Answer:
BD
🗳️
A developer is planning to migrate on-premises company data to Amazon S3. The data must be
encrypted, and the encryption keys must support automatic annual rotation. The company must use AWS
Key Management Service (AWS KMS) to encrypt the data.
Which type of keys should the developer
use to meet these requirements?
Correct Answer:
D
🗳️
A team of developers is using an AWS CodePipeline pipeline as a continuous integration and
continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to
programmatically test the functionality of the application code. The unit tests produce a test
report that shows the results of each individual check. The developer now wants to run these tests
automatically during the CI/CD process.
Which solution will meet this requirement with the
LEAST operational effort?
Correct Answer:
D
🗳️
A company has multiple Amazon VPC endpoints in the same VPC. A developer needs to configure an
Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC
endpoints.
Which solution will meet these requirements?
Correct Answer:
C
🗳️
A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in
size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s
cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A
developer updated the trust store of the Lambda execution environment to use the Root CA Cert when
the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text
file in the Lambda deployment bundle.
After 3 months of development, the Root CA Cert is no
longer valid and must be updated. The developer needs a more efficient solution to update the Root
CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all
Lambda functions that use the Root CA Cert. The solution must also work for all development,
testing, and production environments. Each environment is managed in a separate AWS
account.
Which combination of steps should the developer take to meet these requirements MOST
cost-effectively? (Choose two.)
Correct Answer:
CE
🗳️
A developer maintains applications that store several secrets in AWS Secrets Manager. The
applications use secrets that have changed over time. The developer needs to identify required
secrets that are still in use. The developer does not want to cause any application
downtime.
What should the developer do to meet these requirements?
Correct Answer:
A
🗳️
A developer is writing a serverless application that requires an AWS Lambda function to be invoked
every 10 minutes.
What is an automated and serverless way to invoke the function?
Correct Answer:
C
🗳️
A company is using Amazon OpenSearch Service to implement an audit monitoring system. A developer
needs to create an AWS CloudFormation custom resource that is associated with an AWS Lambda function
to configure the OpenSearch Service domain. The Lambda function must access the OpenSearch Service
domain by using OpenSearch Service internal master user credentials.
What is the MOST secure
way to pass these credentials to the Lambda function?
Correct Answer:
D
🗳️
An application runs on multiple EC2 instances behind an ELB.
Where is the session data best
written so that it can be served reliably across multiple requests?
Correct Answer:
A
🗳️
An ecommerce application is running behind an Application Load Balancer. A developer observes some
unexpected load on the application during non-peak hours. The developer wants to analyze patterns
for the client IP addresses that use the application.
Which HTTP header should the developer
use for this analysis?
Correct Answer:
A
🗳️
A developer migrated a legacy application to an AWS Lambda function. The function uses a third-party
service to pull data with a series of API calls at the end of each month. The function then
processes the data to generate the monthly reports. The function has been working with no issues so
far.
The third-party service recently issued a restriction to allow a fixed number of API
calls each minute and each day. If the API calls exceed the limit for each minute or each day, then
the service will produce errors. The API also provides the minute limit and daily limit in the
response header. This restriction might extend the overall process to multiple days because the
process is consuming more API calls than the available limit.
What is the MOST operationally
efficient way to refactor the serverless application to accommodate this change?
Correct Answer:
B
🗳️
A developer must analyze performance issues with production-distributed applications written as AWS
Lambda functions. These distributed Lambda applications invoke other components that make up the
applications.
How should the developer identify and troubleshoot the root cause of the
performance issues in production?
Correct Answer:
C
🗳️
A developer wants to deploy a new version of an AWS Elastic Beanstalk application. During
deployment, the application must maintain full capacity and avoid service interruption.
Additionally, the developer must minimize the cost of additional resources that support the
deployment.
Which deployment method should the developer use to meet these requirements?
Correct Answer:
B
🗳️
A developer has observed an increase in bugs in the AWS Lambda functions that a development team has
deployed in its Node.js application. To minimize these bugs, the developer wants to implement
automated testing of Lambda functions in an environment that closely simulates the Lambda
environment.
The developer needs to give other developers the ability to run the tests
locally. The developer also needs to integrate the tests into the team’s continuous integration and
continuous delivery (CI/CD) pipeline before the AWS Cloud Development Kit (AWS CDK)
deployment.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The
application is deployed to an Amazon EC2 instance. The application requires read-only permissions to
a table that is named Cars. The EC2 instance has an attached IAM role that contains the following
IAM policy:
When
the application tries to read from the Cars table, an Access Denied error occurs.
How can the
developer resolve this error?
Correct Answer:
D
🗳️
When using the AWS Encryption SDK, how does the developer keep track of the data encryption keys used to encrypt data?
Correct Answer:
C
🗳️
An application that runs on AWS Lambda requires access to specific highly confidential objects in an
Amazon S3 bucket. In accordance with the principle of least privilege, a company grants access to
the S3 bucket by using only temporary credentials.
How can a developer configure access to
the S3 bucket in the MOST secure way?
Correct Answer:
D
🗳️
A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS
Lambda function across multiple accounts in the same AWS Region as the S3 bucket. An AWS
CloudFormation template that runs for each account will deploy the Lambda function.
What is
the MOST secure way to allow CloudFormation to access the Lambda code in the S3 bucket?
Correct Answer:
A
🗳️
A developer at a company needs to create a small application that makes the same API call once each
day at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the
company wants to implement this functionality on AWS.
Which solution meets these requirements
in the MOST operationally efficient manner?
Correct Answer:
C
🗳️
A developer is building a serverless application that is based on AWS Lambda. The developer
initializes the AWS software development kit (SDK) outside of the Lambda handler
function.
What is the PRIMARY benefit of this action?
Correct Answer:
B
🗳️
A company is using Amazon RDS as the backend database for its application. After a recent marketing
campaign, a surge of read requests to the database increased the latency of data retrieval from the
database. The company has decided to implement a caching layer in front of the database. The cached
content must be encrypted and must be highly available.
Which solution will meet these
requirements?
Correct Answer:
C
🗳️
A developer at a company recently created a serverless application to process and show data from
business reports. The application’s user interface (UI) allows users to select and start processing
the files. The UI displays a message when the result is available to view. The application uses AWS
Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway
and Lambda functions to create an API to support the UI.
The company’s UI team reports that
the request to process a file is often returning timeout errors because of the size or complexity of
the files. The UI team wants the API to provide an immediate response so that the UI can display a
message while the files are being processed. The backend process that is invoked by the API needs to
send an email message when the report processing is complete.
What should the developer do to
configure the API to meet these requirements?
Correct Answer:
A
🗳️
A developer has an application that is composed of many different AWS Lambda functions. The Lambda
functions all use some of the same dependencies. To avoid security issues, the developer is
constantly updating the dependencies of all of the Lambda functions. The result is duplicated effort
for each function.
How can the developer keep the dependencies of the Lambda functions up to
date with the LEAST additional complexity?
Correct Answer:
C
🗳️
A mobile app stores blog posts in an Amazon DynamoDB table. Millions of posts are added every day,
and each post represents a single item in the table. The mobile app requires only recent posts. Any
post that is older than 48 hours can be removed.
What is the MOST cost-effective way to
delete posts that are older than 48 hours?
Correct Answer:
B
🗳️
A developer is modifying an existing AWS Lambda function. While checking the code, the developer
notices hardcoded parameter values for an Amazon RDS for SQL Server user name, password, database,
host, and port. There are also hardcoded parameter values for an Amazon DynamoDB table, an Amazon S3
bucket, and an Amazon Simple Notification Service (Amazon SNS) topic.
The developer wants to
securely store the parameter values outside the code in an encrypted format and wants to turn on
rotation for the credentials. The developer also wants to be able to reuse the parameter values from
other applications and to update the parameter values without modifying code.
Which solution
will meet these requirements with the LEAST operational overhead?
Correct Answer:
B
🗳️
A developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are
tied to a user with the following permissions:
The
developer needs to create/delete branches.
Which specific IAM permissions need to be added,
based on the principle of least privilege?
Correct Answer:
B
🗳️
An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The application calls the
DynamoDB REST API. Periodically, the application receives a ProvisionedThroughputExceededException
error when the application writes to a DynamoDB table.
Which solutions will mitigate this
error MOST cost-effectively? (Choose two.)
Correct Answer:
AB
🗳️
When a developer tries to run an AWS CodeBuild project, it raises an error because the length of all
environment variables exceeds the limit for the combined maximum of characters.
What is the
recommended solution?
Correct Answer:
D
🗳️
A company is expanding the compatibility of its photo-sharing mobile app to hundreds of additional
devices with unique screen dimensions and resolutions. Photos are stored in Amazon S3 in their
original format and resolution. The company uses an Amazon CloudFront distribution to serve the
photos. The app includes the dimension and resolution of the display as GET parameters with every
request.
A developer needs to implement a solution that optimizes the photos that are served
to each device to reduce load time and increase photo quality.
Which solution will meet these
requirements MOST cost-effectively?
Correct Answer:
D
🗳️
A company is building an application for stock trading. The application needs sub-millisecond
latency for processing trade requests. The company uses Amazon DynamoDB to store all the trading
data that is used to process each trading request.
A development team performs load testing
on the application and finds that the data retrieval time is higher than expected. The development
team needs a solution that reduces the data retrieval time with the least possible
effort.
Which solution meets these requirements?
Correct Answer:
D
🗳️
A developer is working on a Python application that runs on Amazon EC2 instances. The developer
wants to enable tracing of application requests to debug performance issues in the
code.
Which combination of actions should the developer take to achieve this goal? (Choose
two.)
Correct Answer:
CE
🗳️
A company has an application that runs as a series of AWS Lambda functions. Each Lambda function
receives data from an Amazon Simple Notification Service (Amazon SNS) topic and writes the data to
an Amazon Aurora DB instance.
To comply with an information security policy, the company must
ensure that the Lambda functions all use a single securely encrypted database connection string to
access Aurora.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
A developer is troubleshooting an Amazon API Gateway API. Clients are receiving HTTP 400 response
errors when the clients try to access an endpoint of the API.
How can the developer determine
the cause of these errors?
Correct Answer:
A
🗳️
A company developed an API application on AWS by using Amazon CloudFront, Amazon API Gateway, and
AWS Lambda. The API has a minimum of four requests every second. A developer notices that many API
users run the same query by using the POST method. The developer wants to cache the POST request to
optimize the API resources.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A company is building a microservices application that consists of many AWS Lambda functions. The
development team wants to use AWS Serverless Application Model (AWS SAM) templates to automatically
test the Lambda functions. The development team plans to test a small percentage of traffic that is
directed to new updates before the team commits to a full deployment of the
application.
Which combination of steps will meet these requirements in the MOST
operationally efficient way? (Choose two.)
Correct Answer:
BD
🗳️
A company is using AWS CloudFormation to deploy a two-tier application. The application will use
Amazon RDS as its backend database. The company wants a solution that will randomly generate the
database password during deployment. The solution also must automatically rotate the database
password without requiring changes to the application.
What is the MOST operationally
efficient solution that meets these requirements?
Correct Answer:
D
🗳️
A developer has been asked to create an AWS Lambda function that is invoked any time updates are
made to items in an Amazon DynamoDB table. The function has been created, and appropriate
permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled
for the table, but the function is still not being invoked.
Which option would enable
DynamoDB table updates to invoke the Lambda function?
Correct Answer:
B
🗳️
A developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application
has environment variables that must be passed to a container for the application to
initialize.
How should the environment variables be passed to the container?
Correct Answer:
A
🗳️
A development team maintains a web application by using a single AWS RDS, template. The template
defines web servers and an Amazon RDS database. The team uses the CloudFormation template to deploy
the CloudFormation stack to different environments.
During a recent application deployment, a
developer caused the primary development database to be dropped and recreated. The result of this
incident was a loss of data. The team needs to avoid accidental database deletion in the
future.
Which solutions will meet these requirements? (Choose two.)
Correct Answer:
AB
🗳️
A developer is storing sensitive data generated by an application in Amazon S3. The developer wants
to encrypt the data at rest. A company policy requires an audit trail of when the AWS Key Management
Service (AWS KMS) key was used and by whom.
Which encryption option will meet these
requirements?
Correct Answer:
B
🗳️
A company has an ecommerce application. To track product reviews, the company’s development team
uses an Amazon DynamoDB table.
Every record includes the following:
• A Review ID, a
16-digit universally unique identifier (UUID)
• A Product ID and User ID, 16-digit UUIDs that
reference other tables
• A Product Rating on a scale of 1-5
• An optional comment from the
user
The table partition key is the Review ID. The most performed query against the table is
to find the 10 reviews with the highest rating for a given product.
Which index will provide
the FASTEST response for this query?
Correct Answer:
B
🗳️
A company needs to distribute firmware updates to its customers around the world.
Which
service will allow easy and secure control of the access to the downloads at the lowest cost?
Correct Answer:
A
🗳️
A developer is testing an application that invokes an AWS Lambda function asynchronously. During the
testing phase, the Lambda function fails to process after two retries.
How can the developer
troubleshoot the failure?
Correct Answer:
B
🗳️
A company is migrating its PostgreSQL database into the AWS Cloud. The company wants to use a
database that will secure and regularly rotate database credentials. The company wants a solution
that does not require additional programming overhead.
Which solution will meet these
requirements?
Correct Answer:
C
🗳️
A developer is creating a mobile application that will not require users to log in.
What is
the MOST efficient method to grant users access to AWS resources?
Correct Answer:
D
🗳️
A company has developed a new serverless application using AWS Lambda functions that will be
deployed using the AWS Serverless Application Model (AWS SAM) CLI.
Which step should the
developer complete prior to deploying the application?
Correct Answer:
B
🗳️
A company wants to automate part of its deployment process. A developer needs to automate the
process of checking for and deleting unused resources that supported previously deployed stacks but
that are no longer used.
The company has a central application that uses the AWS Cloud
Development Kit (AWS CDK) to manage all deployment stacks. The stacks are spread out across multiple
accounts. The developer’s solution must integrate as seamlessly as possible within the current
deployment process.
Which solution will meet these requirements with the LEAST amount of
configuration?
Correct Answer:
B
🗳️
A company built a new application in the AWS Cloud. The company automated the bootstrapping of new
resources with an Auto Scaling group by using AWS CloudFormation templates. The bootstrap scripts
contain sensitive data.
The company needs a solution that is integrated with CloudFormation
to manage the sensitive data in the bootstrap scripts.
Which solution will meet these
requirements in the MOST secure way?
Correct Answer:
D
🗳️
A company needs to set up secure database credentials for all its AWS Cloud resources. The company’s
resources include Amazon RDS DB instances, Amazon DocumentDB clusters, and Amazon Aurora DB
instances. The company’s security policy mandates that database credentials be encrypted at rest and
rotated at a regular interval.
Which solution will meet these requirements MOST securely?
Correct Answer:
C
🗳️
A developer has created an AWS Lambda function that makes queries to an Amazon Aurora MySQL DB
instance. When the developer performs a test, the DB instance shows an error for too many
connections.
Which solution will meet these requirements with the LEAST operational effort?
Correct Answer:
D
🗳️
A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development
team tests the API and validates responses for the known use cases before deploying the API to the
production environment.
The developer wants to make the REST API available for testing by
using API Gateway locally.
Which AWS Serverless Application Model Command Line Interface (AWS
SAM CLI) subcommand will meet these requirements?
Correct Answer:
D
🗳️
A company has a serverless application on AWS that uses a fleet of AWS Lambda functions that have
aliases. The company regularly publishes new Lambda function by using an in-house deployment
solution. The company wants to improve the release process and to use traffic shifting. A newly
published function version should initially make available only to a fixed percentage of production
users.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A company has an application that stores data in Amazon RDS instances. The application periodically
experiences surges of high traffic that cause performance problems. During periods of peak traffic,
a developer notices a reduction in query speed in all database queries.
The team’s technical
lead determines that a multi-threaded and scalable caching solution should be used to offload the
heavy read traffic. The solution needs to improve performance.
Which solution will meet these
requirements with the LEAST complexity?
Correct Answer:
A
🗳️
A developer must provide an API key to an AWS Lambda function to authenticate with a third-party
system. The Lambda function will run on a schedule. The developer needs to ensure that the API key
remains encrypted at rest.
Which solution will meet these requirements?
Correct Answer:
C
🗳️
An IT department uses Amazon S3 to store sensitive images. After more than 1 year, the company moves
the images into archival storage. The company rarely accesses the images, but the company wants a
storage solution that maximizes resiliency. The IT department needs access to the images that have
been moved to archival storage within 24 hours.
Which solution will meet these requirements
MOST cost-effectively?
Correct Answer:
D
🗳️
A developer is building a serverless application by using the AWS Serverless Application Model (AWS
SAM). The developer is currently testing the application in a development environment. When the
application is nearly finished, the developer will need to set up additional testing and staging
environments for a quality assurance team.
The developer wants to use a feature of the AWS
SAM to set up deployments to multiple environments.
Which solution will meet these
requirements with the LEAST development effort?
Correct Answer:
B
🗳️
A developer is working on an application that processes operating data from IoT devices. Each IoT
device uploads a data file once every hour to an Amazon S3 bucket. The developer wants to
immediately process each data file when the data file is uploaded to Amazon S3.
The developer
will use an AWS Lambda function to process the data files from Amazon S3. The Lambda function is
configured with the S3 bucket information where the files are uploaded. The developer wants to
configure the Lambda function to immediately invoke after each data file is uploaded.
Which
solution will meet these requirements?
Correct Answer:
B
🗳️
A developer is setting up infrastructure by using AWS CloudFormation. If an error occurs when the
resources described in the Cloud Formation template are provisioned, successfully provisioned
resources must be preserved. The developer must provision and update the CloudFormation stack by
using the AWS CLI.
Which solution will meet these requirements?
Correct Answer:
C
🗳️
A developer is building a serverless application that connects to an Amazon Aurora PostgreSQL
database. The serverless application consists of hundreds of AWS Lambda functions. During every
Lambda function scale out, a new database connection is made that increases database resource
consumption.
The developer needs to decrease the number of connections made to the database.
The solution must not impact the scalability of the Lambda functions.
Which solution will
meet these requirements?
Correct Answer:
A
🗳️
A developer is preparing to begin development of a new version of an application. The previous
version of the application is deployed in a production environment. The developer needs to deploy
fixes and updates to the current version during the development of the new version of the
application. The code for the new version of the application is stored in AWS
CodeCommit.
Which solution will meet these requirements?
Correct Answer:
A
🗳️
A developer is creating an AWS CloudFormation stack. The stack contains IAM resources with custom
names. When the developer tries to deploy the stack, they receive an InsufficientCapabilities
error.
What should the developer do to resolve this issue?
Correct Answer:
B
🗳️
A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have caching
enabled in API Gateway. Customers need a way to invalidate the cache for each API when they test the
API.
What should a developer do to give customers the ability to invalidate the API cache?
Correct Answer:
D
🗳️
A developer is creating an AWS Lambda function that will generate and export a file. The function
requires 100 MB of temporary storage for temporary files while running. These files will not be
needed after the function is complete.
How can the developer MOST efficiently handle the
temporary files?
Correct Answer:
A
🗳️
A company uses Amazon DynamoDB as a data store for its order management system. The company frontend
application stores orders in a DynamoDB table. The DynamoDB table is configured to send change
events to a DynamoDB stream. The company uses an AWS Lambda function to log and process the incoming
orders based on data from the DynamoDB stream.
An operational review reveals that the order
quantity of incoming orders is sometimes set to 0. A developer needs to create a dashboard that will
show how many unique customers this problem affects each day.
What should the developer do to
implement the dashboard?
Correct Answer:
D
🗳️
A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda
function is configured in VPC mode and needs to connect to an existing Amazon RDS for SQL Server DB
instance. The DB instance is deployed in a private subnet and accepts connections by using port
1433.
When the developer tests the function, the function reports an error when it tries to
connect to the database.
Which combination of steps should the developer take to diagnose
this issue? (Choose two.)
Correct Answer:
AC
🗳️
A developer needs to launch a new Amazon EC2 instance by using the AWS CLI.
Which AWS CLI
command should the developer use to meet this requirement?
Correct Answer:
D
🗳️
A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical
copies of the infrastructure, stage changes, and revert to previous versions.
Which approach
addresses these requirements?
Correct Answer:
D
🗳️
A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function
must retrieve an item and update some of its attributes, or create the item if it does not exist.
The Lambda function has access to the primary key.
Which IAM permissions should the developer
request for the Lambda function to achieve this functionality?
Correct Answer:
D
🗳️
A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon
ElastiCache in front. The prices of items in the market change frequently. Sellers have begun
complaining that, after they update the price of an item, the price does not actually change in the
product listing.
What could be causing this issue?
Correct Answer:
A
🗳️
A company requires that all applications running on Amazon EC2 use IAM roles to gain access to AWS
services. A developer is modifying an application that currently relies on IAM user access keys
stored in environment variables to access Amazon DynamoDB tables using boto, the AWS SDK for
Python.
The developer associated a role with the same permissions as the IAM user to the EC2
instance, then deleted the IAM user. When the application was restarted, the AWS
AccessDeniedException messages started appearing in the application logs. The developer was able to
use their personal account on the server to run DynamoDB API commands using the AWS CLI.
What
is the MOST likely cause of the exception?
Correct Answer:
B
🗳️
A company has an existing application that has hardcoded database credentials. A developer needs to
modify the existing application. The application is deployed in two AWS Regions with an
active-passive failover configuration to meet company’s disaster recovery strategy.
The
developer needs a solution to store the credentials outside the code. The solution must comply with
the company’s disaster recovery strategy.
Which solution will meet these requirements in the
MOST secure way?
Correct Answer:
A
🗳️
A developer is receiving HTTP 400: ThrottlingException errors intermittently when calling the Amazon
CloudWatch API. When a call fails, no data is retrieved.
What best practice should first be
applied to address this issue?
Correct Answer:
D
🗳️
An application needs to use the IP address of the client in its processing. The application has been
moved into AWS and has been placed behind an Application Load Balancer (ALB). However, all the
client IP addresses now appear to be the same. The application must maintain the ability to scale
horizontally.
Based on this scenario, what is the MOST cost-effective solution to this
problem?
Correct Answer:
C
🗳️
A developer is designing a serverless application that customers use to select seats for a concert
venue. Customers send the ticket requests to an Amazon API Gateway API with an AWS Lambda function
that acknowledges the order and generates an order ID. The application includes two additional
Lambda functions: one for inventory management and one for payment processing. These two Lambda
functions run in parallel and write the order to an Amazon Dynamo DB table.
The application
must provide seats to customers according to the following requirements. If a seat is accidently
sold more than once, the first order that the application received must get the seat. In these
cases, the application must process the payment for only the first order. However, if the first
order is rejected during payment processing, the second order must get the seat. In these cases, the
application must process the payment for the second order.
Which solution will meet these
requirements?
Correct Answer:
A
🗳️
An application uses AWS X-Ray to generate a large amount of trace data on an hourly basis. A
developer wants to use filter expressions to limit the returned results through user-specified
custom attributes.
How should the developer use filter expressions to filter the results in
X-Ray?
Correct Answer:
A
🗳️
A web application is using Amazon Kinesis Data Streams for clickstream data that may not be consumed
for up to 12 hours.
How can the developer implement encryption at rest for data within the
Kinesis Data Streams?
Correct Answer:
D
🗳️
An application is real-time processing millions of events that are received through an
API.
What service could be used to allow multiple consumers to process the data concurrently
and MOST cost-effectively?
Correct Answer:
D
🗳️
Given the following AWS CloudFormation template:
What
is the MOST efficient way to reference the new Amazon S3 bucket from another AWS CloudFormation
template?
Correct Answer:
A
🗳️
A developer has built an application that inserts data into an Amazon DynamoDB table. The table is
configured to use provisioned capacity. The application is deployed on a burstable nano Amazon EC2
instance. The application logs show that the application has been failing because of a
ProvisionedThroughputExceededException error.
Which actions should the developer take to
resolve this issue? (Choose two.)
Correct Answer:
CE
🗳️
A company is hosting a workshop for external users and wants to share the reference documents with
the external users for 7 days. The company stores the reference documents in an Amazon S3 bucket
that the company owns.
What is the MOST secure way to share the documents with the external
users?
Correct Answer:
A
🗳️
A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API. The
developer will have three distinct environments to manage: development, test, and
production.
How should the application be deployed while minimizing the number of resources
to manage?
Correct Answer:
C
🗳️
A developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB)
using a CLI command. However, the Lambda function is not being invoked when the client sends
requests through the ALB.
Why is the Lambda function not being invoked?
Correct Answer:
C
🗳️
A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL
instance. The developer wants to store the database credentials. The database credentials need to be
encrypted and the database password needs to be automatically rotated.
Which solution will
meet these requirements?
Correct Answer:
B
🗳️
A developer wants to reduce risk when deploying a new version of an existing AWS Lambda function. To
test the Lambda function, the developer needs to split the traffic between the existing version and
the new version of the Lambda function.
Which solution will meet these requirements?
Correct Answer:
B
🗳️
A developer has created a large AWS Lambda function. Deployment of the function is failing because
of an InvalidParameterValueException error. The error message indicates that the unzipped size of
the function exceeds the maximum supported value.
Which actions can the developer take to
resolve this error? (Choose two.)
Correct Answer:
CE
🗳️
A developer is troubleshooting an application in an integration environment. In the application, an
Amazon Simple Queue Service (Amazon SQS) queue consumes messages and then an AWS Lambda function
processes the messages. The Lambda function transforms the messages and makes an API call to a
third-party service.
There has been an increase in application usage. The third-party API
frequently returns an HTTP 429 Too Many Requests error message. The error message prevents a
significant number of messages from being processed successfully.
How can the developer
resolve this issue?
Correct Answer:
A
🗳️
A company has a three-tier application that is deployed in Amazon Elastic Container Service (Amazon
ECS). The application is using an Amazon RDS for MySQL DB instance. The application performs more
database reads than writes.
During times of peak usage, the application’s performance
degrades. When this performance degradation occurs, the DB instance’s ReadLatency metric in Amazon
CloudWatch increases suddenly.
How should a developer modify the application to improve
performance?
Correct Answer:
A
🗳️
A company has an online web application that includes a product catalog. The catalog is stored in an
Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The application must be able to list the objects
in the S3 bucket and must be able to download objects through an IAM policy.
Which policy
allows MINIMUM access to meet these requirements?



Correct Answer:
A
🗳️
A developer is writing an application to encrypt files outside of AWS before uploading the files to
an Amazon S3 bucket. The encryption must be symmetric and must be performed inside the
application.
How can the developer implement the encryption in the application to meet these
requirements?
Correct Answer:
A
🗳️
A developer is working on an application that is deployed on an Amazon EC2 instance. The developer
needs a solution that will securely transfer files from the application to an Amazon S3
bucket.
What should the developer do to meet these requirements in the MOST secure way?
Correct Answer:
B
🗳️
A developer created a web API that receives requests by using an internet-facing Application Load
Balancer (ALB) with an HTTPS listener. The developer configures an Amazon Cognito user pool and
wants to ensure that every request to the API is authenticated through Amazon Cognito.
What
should the developer do to meet this requirement?
Correct Answer:
B
🗳️
A company recently deployed an AWS Lambda function. A developer notices an increase in the function
throttle metrics in Amazon CloudWatch.
What are the MOST operationally efficient solutions to
reduce the function throttling? (Choose two.)
Correct Answer:
CE
🗳️
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The
service must run different versions for testing purposes.
What would be the BEST way to
accomplish this?
Correct Answer:
D
🗳️
A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline is
triggered by changes to the main branch of an AWS CodeCommit repository and uses AWS CodeBuild to
implement the test and build stages of the process and AWS CodeDeploy to deploy the
application.
The pipeline has been operating successfully for several months and there have
been no modifications. Following a recent change to the application’s source code, AWS CodeDeploy
has not deployed the updated application as expected.
What are the possible causes? (Choose
two.)
Correct Answer:
AB
🗳️
A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM)
on multiple AWS Lambda functions. When the application is deployed, the developer wants to shift 10%
of the traffic to the new deployment of the application for the first 10 minutes after deployment.
If there are no issues, all traffic must switch over to the new version.
Which change to the
AWS SAM template will meet these requirements?
Correct Answer:
B
🗳️
An AWS Lambda function is running in a company’s shared AWS account. The function needs to perform
an additional ec2:DescribeInstances action that is directed at the company’s development accounts. A
developer must configure the required permissions across the accounts.
How should the
developer configure the permissions to adhere to the principle of least privilege?
Correct Answer:
B
🗳️
A developer is building a new application that will be deployed on AWS. The developer has created an
AWS CodeCommit repository for the application. The developer has initialized a new project for the
application by invoking the AWS Cloud Development Kit (AWS CDK) cdk init command.
The
developer must write unit tests for the infrastructure as code (IaC) templates that the AWS CDK
generates. The developer also must run a validation tool across all constructs in the CDK
application to ensure that critical security configurations are activated.
Which combination
of actions will meet these requirements with the LEAST development overhead? (Choose two.)
Correct Answer:
BE
🗳️
An online sales company is developing a serverless application that runs on AWS. The application
uses an AWS Lambda function that calculates order success rates and stores the data in an Amazon
DynamoDB table. A developer wants an efficient way to invoke the Lambda function every 15
minutes.
Which solution will meet this requirement with the LEAST development effort?
Correct Answer:
B
🗳️
A company deploys a photo-processing application to an Amazon EC2 instance. The application needs to
process each photo in less than 5 seconds. If processing takes longer than 5 seconds, the company’s
development team must receive a notification.
How can a developer implement the required time
measurement and notification with the LEAST operational overhead?
Correct Answer:
A
🗳️
A company is using AWS Elastic Beanstalk to manage web applications that are running on Amazon EC2
instances. A developer needs to make configuration changes. The developer must deploy the changes to
new instances only.
Which types of deployment can the developer use to meet this requirement?
(Choose two.)
Correct Answer:
BD
🗳️
A developer needs to use Amazon DynamoDB to store customer orders. The developer’s company requires
all customer data to be encrypted at rest with a key that the company generates.
What should
the developer do to meet these requirements?
Correct Answer:
B
🗳️
A company uses AWS CloudFormation to deploy an application that uses an Amazon API Gateway REST API
with AWS Lambda function integration. The application uses Amazon DynamoDB for data persistence. The
application has three stages: development, testing, and production. Each stage uses its own DynamoDB
table.
The company has encountered unexpected issues when promoting changes to the production
stage. The changes were successful in the development and testing stages. A developer needs to route
20% of the traffic to the new production stage API with the next production release. The developer
needs to route the remaining 80% of the traffic to the existing production stage. The solution must
minimize the number of errors that any single customer experiences.
Which approach should the
developer take to meet these requirements?
Correct Answer:
D
🗳️
A developer has created a data collection application that uses Amazon API Gateway, AWS Lambda, and
Amazon S3. The application’s users periodically upload data files and wait for the validation status
to be reflected on a processing dashboard. The validation process is complex and time-consuming for
large files.
Some users are uploading dozens of large files and have to wait and refresh the
processing dashboard to see if the files have been validated. The developer must refactor the
application to immediately update the validation result on the user’s dashboard without reloading
the full dashboard.
What is the MOST operationally efficient solution that meets these
requirements?
Correct Answer:
A
🗳️
A company’s developer is creating an application that uses Amazon API Gateway. The company wants to
ensure that only users in the Sales department can use the application. The users authenticate to
the application by using federated credentials from a third-party identity provider (IdP) through
Amazon Cognito. The developer has set up an attribute mapping to map an attribute that is named
Department and to pass the attribute to a custom AWS Lambda authorizer.
To test the access
limitation, the developer sets their department to Engineering in the IdP and attempts to log in to
the application. The developer is denied access. The developer then updates their department to
Sales in the IdP and attempts to log in. Again, the developer is denied access. The developer checks
the logs and discovers that access is being denied because the developer’s access token has a
department value of Engineering.
Which of the following is a possible reason that the
developer’s department is still being reported as Engineering instead of Sales?
Correct Answer:
A
🗳️
A company has migrated an application to Amazon EC2 instances. Automatic scaling is working well for
the application user interface. However, the process to deliver shipping requests to the company’s
warehouse staff is encountering issues. Duplicate shipping requests are arriving, and some requests
are lost or arrive out of order.
The company must avoid duplicate shipping requests and must
process the requests in the order that the requests arrive. Requests are never more than 250 KB in
size and take 5-10 minutes to process. A developer needs to rearchitect the application to improve
the reliability of the delivery and processing of the requests.
What should the developer do
to meet these requirements?
Correct Answer:
D
🗳️
A developer is creating a machine learning (ML) pipeline in AWS Step Functions that contains AWS
Lambda functions. The developer has configured an Amazon Simple Queue Service (Amazon SQS) queue to
deliver ML model parameters to the ML pipeline to train ML models. The developer uploads the trained
models are uploaded to an Amazon S3 bucket.
The developer needs a solution that can locally
test the ML pipeline without making service integration calls to Amazon SQS and Amazon
S3.
Which solution will meet these requirements?
Correct Answer:
D
🗳️
Untamables
Highly Voted 7 months, 3 weeks agojipark
3 months agoCyberBaby803
7 months, 2 weeks agoAgboolaKun
4 months, 3 weeks agogeekdamsel
Highly Voted 6 months agodongocanh272
Most Recent 3 days, 2 hours agocgpt
6 days, 22 hours agossnei
3 weeks agoDigo30sp
1 month agosoumyaranjan7
1 month agohuyhq
1 month agoNinjaCloud
1 month, 1 week agoMeghna17
1 month, 1 week agoNav16011991
1 month, 1 week agoShreya_aspire
1 month, 3 weeks agoNancy_1312
1 month, 3 weeks agohsinchang
1 month, 4 weeks agoKashan6109
2 months agojustpassaws3122
2 months, 1 week agobestrus
2 months, 2 weeks ago